Privacy and the regulation of 2012

The European Union has approved a new Regulation that lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. This Regulation will apply to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. It will also apply to the processing of personal data by a controller not established in the Union in certain circumstances. This article is a little abstract of part of the Regulation content.

Business Lawyer, 2014

This article explores recent developments in European Union data privacy and data protection law, through an analysis of European Union advisory guidance, independent administrative agency enforcement action, case law, and legislative reform in the areas of digital technologies, the internet, telecommunications and personal data. In the first case, Article 29 Working Party guidance on anonymization techniques – so important in the field of big data – is discussed and distinguished from pseudonymization. Next, Google privacy policy enforcement action by various EU Member State data protection agencies (inter alia, France, Germany, Italy, the Netherlands and Spain) is chronicled, with lessons being drawn for businesses regarding privacy policies and data protection compliance generally. Thirdly, European Union Court of Justice joined cases Digital Rights Ir. Ltd. V. Minister for Comm. Marine & Natural Res., invalidating the EU Data Retention Directive, which was applicable to providers of publicly available electronic communications services and public communications networks, such as ISPs and telecom operators, is analyzed and the WP29 reaction to the decision is discussed. The Data Retention Directive decision and recent legislative action on the proposed EU General Data Protection Regulation (GDPR) highlight the importance in Europe of the protection of individuals’ fundamental rights to privacy and freedom of expression in the internet and telecommunications context. Finally, this article discusses recent developments regarding the GDPR, while the revelations of U.S. NSA mass surveillance programs continued to preoccupy European lawmakers. PLEASE NOTE THAT THIS PAPER MAY BE DOWNLOADED USING THE SSRN LINK PROVIDED.

Computer Law Review International, 2018

This article concerns the national data privacy laws of the EU Member States which introduced specific domestic laws supplementing GDPR during the third quarter of 2018. The article provides an overview of how such EU Member States have adjusted their domestic data protection laws in the following core areas: (1) domestic legislation; (2) definitions; (3) relevant supervisory authority; (4) registration requirements; (5) data protection officer (DPO); (6) collection and processing; (7) data subject rights; (8) data transfer to third countries; (9) security of personal data; (10) data breach notification; (11) enforcement; (12) data processing in employment context; (13) provisions relating to specific processing situations (chapter 9 of the GDPR); (14) electronic marketing; (15) online privacy; (16) other notable domestic regulations.

On the 27th April 2016, the REGULATION (EU) 2016/679 (GDPR) was adopted by the Member States of the EU with the plan of achieving harmonization and uniformity in the applicable data protection rules in Member States. This Regulation did introduce new provisions into the body of laws on data protection and this could be to some extent knotty owing to their relative novelty. This paper carries out an analysis of key provisions of the said Regulation with the aim of examining, as much as possible, the possible expectations under the said regulation.

Computer Law & Security Review, 2014

The year 2010 set an important milestone in the development of data protection law in Europe: both Europe's basic regulatory texts, the EU Data Protection Directive and the Council's Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108), were placed at an amendment process, having served individual data protection for many years and witnessed in the meantime technological developments that threatened to make their provisions obsolete. After briefly presenting Convention 108, the analysis that follows will highlight the Council's data protection system currently in effect as well as developments relating to the Convention's amendment so far with the aim of identifying improvements and shortcomings. While doing this two separate points of view shall be adopted: at first a micro point of view will attempt to identify improvements and shortcomings through an 'insider' perspective, that is, judging only the merits and difficulties of the draft text at hand. Afterwards a macroscopic view will be adopted, whereby strategic issues will be discussed pertaining to the important issue of the relationship of the suggested draft with the EU data protection system, as well as, the same draft's potential to constitute the next global information privacy standard.

As far as the technology has become more user friendly, individuals exchange more data between themselves using technological tools. The communication between individuals has become faster and more intense. In parallel to these developments, the norms and values of the societies, thus of the individuals have changed and the meaning of data privacy has being re-interpreted in today’s world. Each development in the technology fuels another one. In parallel to that, individuals’ interactions have gained new formats based on the new technologies. On the other hand, political concerns, like more need to defend public security should also be mentioned. While encouraging the developments of the new technologies, the States consider to maintain their citizens’ security and rights to their personal data protection. How far the European Union, with its legislation for data protection, is reaching to this target? This study will give some highlights for answering this question.

2014

Purpose – To review and critically discuss the current state of privacy in the context of constant technological changes and to emphasize the pace of technological advancements and developments reached over the time when the last EU data protection laws came into effect. These facts inevitably affect the perception of privacy and raise the question of whether privacy is dead or takes the last breath in the digital age? This paper is an attempt to address this question. Design/Methodology/Approach – Based on the comparison and systematic analysis of scientific literature, the authors discuss problematic issues related to privacy and data protection in the technology era – where these issues are too complicated to be clearly regulated by laws and rules since “laws move as a function of years and technology moves as a function of months” (Ron Rivest). Therefore, this analytical approach towards the issue may help to facilitate reaching the best-fit decision in this area. Findings – The...

Library Philosophy and Practice (e-journal)- Scopus Indexed, 2019

Protection of personal data in recent decades became more crucial affecting by emergence of the new technologies especially computer, internet, information and communications technology. However, Europeans felt this necessity at time and provided for up-to-date and supportive laws. The General Data Protection Regulation (GDPR) is the latest legislation in EU to protect personal data of individuals based on the recent technological advancements. However, its' domestic and international output still is debatable. This doctrinal legal study by using descriptive methods, aimed to evaluate the GDPR through analyzing and interpreting its' provisions by especial focus on its' innovations. The results show that the GDPR is much developed in comparison with previous personal data protection documents and will be a referred reference for the rest of the world in the near future.

Information & Communications Technology Law, 2019

This paper introduces the strategic approach to regulating personal data and the normative foundations of the European Union's General Data Protection Regulation ('GDPR'). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR's approach and provisions; and make predictions about the GDPR's implications. We also highlight where the GDPR takes a different approach than U.S. privacy law. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed regulatory regime, that will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some informationintensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.

This study addresses the new challenges stemming from data processing policies and systems falling in the scope of police and judicial cooperation in criminal matters in the EU Area of Freedom, Security and Justice. It identifies a set of common basic principles and standards for the genuine assurance of data protection in all the phases of EU policymaking and for the effective implementation of this fundamental right. The study puts forward a set of recommendations to guide the European Parliament's role and legislative inputs into the upcoming revision of the EU legal framework on data protection, which is expected to be launched by the end of 2011.